if exist "C:\DOCUME~1\Media\LOCALS~1\Temp\svchost.exe" goto try
i tried zipping the svchost.exe file, but it gives me access denied errors. I will try again in safe mode; will update this post then with the attachment
Edit: Before booting to safe mode, i checked all processes under my username and found out that "svhost32.exe" was running... i found out the path through process explorer and tried to copy it ... it gave me access denied errors. So i booted the os in safe mode and copied it ;; it is attached now. That one file that i was gonna get from the temp folder (i.e. svchost.exe) is no longer there. I believe that svchost.exe in temp folder was used to create svhost32.exe which was then placed in C:\Program Files\Microsoft. It looks like a "world of warcraft" password stealer, but i want to know how it got into my pc in the first place. How can i find out what this process was trying to do to my computer?